@civic/auth 0.0.1-beta.0 → 0.0.1-beta.10

package/README.md

@@ -33,34 +33,34 @@ First, import the CSS styles in your main application file (e.g., `_app.tsx` for
 import "@civic/auth/styles.css";
 ```
 
-### Setup CivicProvider
+### Setup CivicAuthProvider
 
-To use the Civic Auth Client SDK, wrap your application with the `CivicProvider` component. This will allow the authentication context to be accessible throughout your app.
+To use the Civic Auth Client SDK, wrap your application with the `CivicAuthProvider` component. This will allow the authentication context to be accessible throughout your app.
 
 ```tsx
-import { CivicProvider } from "@civic/auth/react";
+import { CivicAuthProvider } from "@civic/auth/react";
 
 function App({ children }) {
   return (
-    <CivicProvider clientId="your-client-id" redirectUrl="https://your-app.com/callback">
+    <CivicAuthProvider clientId="your-client-id" redirectUrl="https://your-app.com/callback">
       {children}
-    </CivicProvider>
+    </CivicAuthProvider>
   );
 }
 ```
 
-The only required prop for `CivicProvider` is the `clientId`. By default, the SDK uses Civic's endpoints. If you need to use your own endpoints, you can provide them using the `config` prop. See the advanced configuration section below for more details.
+The only required prop for `CivicAuthProvider` is the `clientId`. By default, the SDK uses Civic's endpoints. If you need to use your own endpoints, you can provide them using the `config` prop. See the advanced configuration section below for more details.
 
 ### Advanced Configuration
 
-If you want to use your own endpoints, you can pass a `config` object to the `CivicProvider` as shown below:
+If you want to use your own endpoints, you can pass a `config` object to the `CivicAuthProvider` as shown below:
 
 ```tsx
-import { CivicProvider } from "@civic/auth/react";
+import { CivicAuthProvider } from "@civic/auth/react";
 
 function App({ children }) {
   return (
-    <CivicProvider
+    <CivicAuthProvider
       clientId="your-client-id"
       redirectUrl="https://your-app.com/callback"
       config={{
@@ -72,7 +72,7 @@ function App({ children }) {
       }}
     >
       {children}
-    </CivicProvider>
+    </CivicAuthProvider>
   );
 }
 ```
@@ -118,6 +118,32 @@ function Header() {
 }
 ```
 
+### Embedding the login iframe in your page
+
+The default displayMode for user login is 'iframe' which will show a modal containing the login page for users, when the `signIn` hook is called. If you want to customize where this page is shown and embed it into your page instead i.e. in the case where you have a landing page and don't want users to have to click on a 'sign-in' button, you can embed the login iframe directly inside your page and it will work just like in the modal, as long as it is a child of a <CivicAuthProvider>. In this mode, the iframe auto-loads the login page.
+
+To enable this mode, you need to set the parameter 'modalIframe' to `false` (it defaults to `true` in normal operation).
+
+The example below shows the iframe centered inside a div embedded on the page:
+```tsx
+import { CivicAuthProvider } from "@civic/auth/react";
+
+function App({ children }) {
+  return (
+    <CivicAuthProvider
+      clientId="your-client-id"
+      redirectUrl="https://your-app.com/callback"
+      modalIframe={false}
+    >
+      {children}
+      <div className="flex min-h-[200px] items-center justify-center">
+        <CivicAuthIframeContainer />
+      </div>
+    </CivicAuthProvider>
+  );
+}
+```
+
 ### Token Management with useToken Hook
 
 The `useToken` hook can be used to access and manage tokens within your application. This hook provides the current access and ID tokens, a refresh function, and token loading/error states.

package/dist/chunk-CRTRMMJ7.js

@@ -0,0 +1,59 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});var __defProp = Object.defineProperty;
+var __defProps = Object.defineProperties;
+var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
+var __getOwnPropSymbols = Object.getOwnPropertySymbols;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __propIsEnum = Object.prototype.propertyIsEnumerable;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __spreadValues = (a, b) => {
+  for (var prop in b || (b = {}))
+    if (__hasOwnProp.call(b, prop))
+      __defNormalProp(a, prop, b[prop]);
+  if (__getOwnPropSymbols)
+    for (var prop of __getOwnPropSymbols(b)) {
+      if (__propIsEnum.call(b, prop))
+        __defNormalProp(a, prop, b[prop]);
+    }
+  return a;
+};
+var __spreadProps = (a, b) => __defProps(a, __getOwnPropDescs(b));
+var __objRest = (source, exclude) => {
+  var target = {};
+  for (var prop in source)
+    if (__hasOwnProp.call(source, prop) && exclude.indexOf(prop) < 0)
+      target[prop] = source[prop];
+  if (source != null && __getOwnPropSymbols)
+    for (var prop of __getOwnPropSymbols(source)) {
+      if (exclude.indexOf(prop) < 0 && __propIsEnum.call(source, prop))
+        target[prop] = source[prop];
+    }
+  return target;
+};
+var __async = (__this, __arguments, generator) => {
+  return new Promise((resolve, reject) => {
+    var fulfilled = (value) => {
+      try {
+        step(generator.next(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var rejected = (value) => {
+      try {
+        step(generator.throw(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var step = (x) => x.done ? resolve(x.value) : Promise.resolve(x.value).then(fulfilled, rejected);
+    step((generator = generator.apply(__this, __arguments)).next());
+  });
+};
+
+
+
+
+
+
+exports.__spreadValues = __spreadValues; exports.__spreadProps = __spreadProps; exports.__objRest = __objRest; exports.__async = __async;
+//# sourceMappingURL=chunk-CRTRMMJ7.js.map

package/dist/chunk-CRTRMMJ7.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["/Users/kevincolgan/code/civic-auth/packages/civic-auth-client/dist/chunk-CRTRMMJ7.js"],"names":[],"mappings":"AAAA,6EAAI,UAAU,EAAE,MAAM,CAAC,cAAc;AACrC,IAAI,WAAW,EAAE,MAAM,CAAC,gBAAgB;AACxC,IAAI,kBAAkB,EAAE,MAAM,CAAC,yBAAyB;AACxD,IAAI,oBAAoB,EAAE,MAAM,CAAC,qBAAqB;AACtD,IAAI,aAAa,EAAE,MAAM,CAAC,SAAS,CAAC,cAAc;AAClD,IAAI,aAAa,EAAE,MAAM,CAAC,SAAS,CAAC,oBAAoB;AACxD,IAAI,gBAAgB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,GAAG,EAAE,EAAE,KAAK;AAC/J,IAAI,eAAe,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG;AAC/B,EAAE,IAAI,CAAC,IAAI,KAAK,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;AAChC,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC;AAClC,MAAM,eAAe,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;AACvC,EAAE,GAAG,CAAC,mBAAmB;AACzB,IAAI,IAAI,CAAC,IAAI,KAAK,GAAG,mBAAmB,CAAC,CAAC,CAAC,EAAE;AAC7C,MAAM,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC;AACpC,QAAQ,eAAe,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;AACzC,IAAI;AACJ,EAAE,OAAO,CAAC;AACV,CAAC;AACD,IAAI,cAAc,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,iBAAiB,CAAC,CAAC,CAAC,CAAC;AACjE,IAAI,UAAU,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,GAAG;AACrC,EAAE,IAAI,OAAO,EAAE,CAAC,CAAC;AACjB,EAAE,IAAI,CAAC,IAAI,KAAK,GAAG,MAAM;AACzB,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;AACpE,MAAM,MAAM,CAAC,IAAI,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC;AACjC,EAAE,GAAG,CAAC,OAAO,GAAG,KAAK,GAAG,mBAAmB;AAC3C,IAAI,IAAI,CAAC,IAAI,KAAK,GAAG,mBAAmB,CAAC,MAAM,CAAC,EAAE;AAClD,MAAM,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,EAAE,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC;AACtE,QAAQ,MAAM,CAAC,IAAI,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC;AACnC,IAAI;AACJ,EAAE,OAAO,MAAM;AACf,CAAC;AACD,IAAI,QAAQ,EAAE,CAAC,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,GAAG;AAClD,EAAE,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG;AAC1C,IAAI,IAAI,UAAU,EAAE,CAAC,KAAK,EAAE,GAAG;AAC/B,MAAM,IAAI;AACV,QAAQ,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AACnC,MAAM,EAAE,MAAM,CAAC,CAAC,EAAE;AAClB,QAAQ,MAAM,CAAC,CAAC,CAAC;AACjB,MAAM;AACN,IAAI,CAAC;AACL,IAAI,IAAI,SAAS,EAAE,CAAC,KAAK,EAAE,GAAG;AAC9B,MAAM,IAAI;AACV,QAAQ,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;AACpC,MAAM,EAAE,MAAM,CAAC,CAAC,EAAE;AAClB,QAAQ,MAAM,CAAC,CAAC,CAAC;AACjB,MAAM;AACN,IAAI,CAAC;AACL,IAAI,IAAI,KAAK,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC;AACpG,IAAI,IAAI,CAAC,CAAC,UAAU,EAAE,SAAS,CAAC,KAAK,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;AACnE,EAAE,CAAC,CAAC;AACJ,CAAC;AACD;AACA;AACE;AACA;AACA;AACA;AACF,yIAAC","file":"/Users/kevincolgan/code/civic-auth/packages/civic-auth-client/dist/chunk-CRTRMMJ7.js"}

package/dist/chunk-EAANLFR5.mjs

@@ -0,0 +1,148 @@
+import {
+  withoutUndefined
+} from "./chunk-PMDIR5XE.mjs";
+import {
+  __spreadProps,
+  __spreadValues
+} from "./chunk-RGHW4PYM.mjs";
+
+// src/lib/logger.ts
+import debug from "debug";
+var PACKAGE_NAME = "@civic/auth";
+var DebugLogger = class {
+  constructor(namespace) {
+    this.debugLogger = debug(`${PACKAGE_NAME}:${namespace}:debug`);
+    this.infoLogger = debug(`${PACKAGE_NAME}:${namespace}:info`);
+    this.warnLogger = debug(`${PACKAGE_NAME}:${namespace}:warn`);
+    this.errorLogger = debug(`${PACKAGE_NAME}:${namespace}:error`);
+    this.debugLogger.color = "4";
+    this.infoLogger.color = "2";
+    this.warnLogger.color = "3";
+    this.errorLogger.color = "1";
+  }
+  debug(message, ...args) {
+    this.debugLogger(message, ...args);
+  }
+  info(message, ...args) {
+    this.infoLogger(message, ...args);
+  }
+  warn(message, ...args) {
+    this.warnLogger(message, ...args);
+  }
+  error(message, ...args) {
+    this.errorLogger(message, ...args);
+  }
+};
+var createLogger = (namespace) => new DebugLogger(namespace);
+var loggers = {
+  // Next.js specific loggers
+  nextjs: {
+    routes: createLogger("api:routes"),
+    middleware: createLogger("api:middleware"),
+    handlers: {
+      auth: createLogger("api:handlers:auth")
+    }
+  },
+  // React specific loggers
+  react: {
+    components: createLogger("react:components"),
+    hooks: createLogger("react:hooks"),
+    context: createLogger("react:context")
+  },
+  // Shared utilities loggers
+  services: {
+    validation: createLogger("utils:validation"),
+    network: createLogger("utils:network")
+  }
+};
+
+// src/nextjs/config.ts
+var logger = loggers.nextjs.handlers.auth;
+var defaultAuthConfig = {
+  oauthServer: "https://auth-dev.civic.com/oauth",
+  callbackUrl: "/api/auth/callback",
+  challengeUrl: "/api/auth/challenge",
+  logoutUrl: "/api/auth/logout",
+  loginUrl: "/",
+  include: ["/*"],
+  exclude: [],
+  cookies: {
+    tokens: {
+      sameSite: "strict",
+      path: "/",
+      maxAge: 60 * 60
+      // 1 hour
+    },
+    user: {
+      sameSite: "strict",
+      path: "/",
+      maxAge: 60 * 60
+      // 1 hour
+    }
+  }
+};
+var resolveAuthConfig = (config = {}) => {
+  var _a, _b, _c, _d;
+  const configFromEnv = withoutUndefined({
+    clientId: process.env._civic_auth_client_id,
+    oauthServer: process.env._civic_oauth_server,
+    callbackUrl: process.env._civic_auth_callback_url,
+    challengeUrl: process.env._civic_auth_challenge_url,
+    loginUrl: process.env._civic_auth_login_url,
+    appUrl: process.env._civic_auth_app_url,
+    logoutUrl: process.env._civic_auth_logout_url,
+    include: (_a = process.env._civic_auth_includes) == null ? void 0 : _a.split(","),
+    exclude: (_b = process.env._civic_auth_excludes) == null ? void 0 : _b.split(","),
+    cookies: process.env._civic_auth_cookie_config ? JSON.parse(process.env._civic_auth_cookie_config) : void 0
+  });
+  const mergedConfig = __spreadProps(__spreadValues(__spreadValues(__spreadValues({}, defaultAuthConfig), configFromEnv), config), {
+    // Override with directly passed config
+    cookies: {
+      tokens: __spreadValues(__spreadValues({}, defaultAuthConfig.cookies.tokens), ((_c = config.cookies) == null ? void 0 : _c.tokens) || {}),
+      user: __spreadValues(__spreadValues({}, defaultAuthConfig.cookies.user), ((_d = config.cookies) == null ? void 0 : _d.user) || {})
+    }
+  });
+  logger.debug("Config from environment:", configFromEnv);
+  logger.debug("Resolved config:", mergedConfig);
+  if (mergedConfig.clientId === void 0) {
+    throw new Error("Civic Auth client ID is required");
+  }
+  return mergedConfig;
+};
+var createCivicAuthPlugin = (clientId, authConfig = {}) => {
+  return (nextConfig) => {
+    const resolvedConfig = resolveAuthConfig(__spreadProps(__spreadValues({}, authConfig), { clientId }));
+    return __spreadProps(__spreadValues({}, nextConfig), {
+      env: __spreadProps(__spreadValues({}, nextConfig == null ? void 0 : nextConfig.env), {
+        // Internal environment variables - do not set these manually
+        _civic_auth_client_id: clientId,
+        _civic_oauth_server: resolvedConfig.oauthServer,
+        _civic_auth_callback_url: resolvedConfig.callbackUrl,
+        _civic_auth_challenge_url: resolvedConfig.challengeUrl,
+        _civic_auth_login_url: resolvedConfig.loginUrl,
+        _civic_auth_logout_url: resolvedConfig.logoutUrl,
+        _civic_auth_app_url: resolvedConfig.appUrl,
+        _civic_auth_includes: resolvedConfig.include.join(","),
+        _civic_auth_excludes: resolvedConfig.exclude.join(","),
+        _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies)
+      })
+    });
+  };
+};
+
+// src/nextjs/utils.ts
+var resolveCallbackUrl = (config, alternativeUrl) => {
+  var _a;
+  const baseUrl = (_a = config.appUrl) != null ? _a : alternativeUrl;
+  const callbackUrl = new URL(config == null ? void 0 : config.callbackUrl, baseUrl).toString();
+  return callbackUrl.toString();
+};
+
+export {
+  loggers,
+  defaultAuthConfig,
+  resolveAuthConfig,
+  createCivicAuthPlugin,
+  resolveCallbackUrl
+};
+//# sourceMappingURL=chunk-EAANLFR5.mjs.map

package/dist/chunk-EAANLFR5.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/lib/logger.ts","../src/nextjs/config.ts","../src/nextjs/utils.ts"],"sourcesContent":["import debug from \"debug\";\n\nconst PACKAGE_NAME = \"@civic/auth\";\n\nexport interface Logger {\n  debug(message: string, ...args: unknown[]): void;\n  info(message: string, ...args: unknown[]): void;\n  warn(message: string, ...args: unknown[]): void;\n  error(message: string, ...args: unknown[]): void;\n}\n\nclass DebugLogger implements Logger {\n  private debugLogger: debug.Debugger;\n  private infoLogger: debug.Debugger;\n  private warnLogger: debug.Debugger;\n  private errorLogger: debug.Debugger;\n\n  constructor(namespace: string) {\n    // Format: @org/package:library:component:level\n    this.debugLogger = debug(`${PACKAGE_NAME}:${namespace}:debug`);\n    this.infoLogger = debug(`${PACKAGE_NAME}:${namespace}:info`);\n    this.warnLogger = debug(`${PACKAGE_NAME}:${namespace}:warn`);\n    this.errorLogger = debug(`${PACKAGE_NAME}:${namespace}:error`);\n\n    this.debugLogger.color = \"4\";\n    this.infoLogger.color = \"2\";\n    this.warnLogger.color = \"3\";\n    this.errorLogger.color = \"1\";\n  }\n\n  debug(message: string, ...args: unknown[]): void {\n    this.debugLogger(message, ...args);\n  }\n\n  info(message: string, ...args: unknown[]): void {\n    this.infoLogger(message, ...args);\n  }\n\n  warn(message: string, ...args: unknown[]): void {\n    this.warnLogger(message, ...args);\n  }\n\n  error(message: string, ...args: unknown[]): void {\n    this.errorLogger(message, ...args);\n  }\n}\n\nexport const createLogger = (namespace: string): Logger =>\n  new DebugLogger(namespace);\n\n// Pre-configured loggers for different parts of your package\nexport const loggers = {\n  // Next.js specific loggers\n  nextjs: {\n    routes: createLogger(\"api:routes\"),\n    middleware: createLogger(\"api:middleware\"),\n    handlers: {\n      auth: createLogger(\"api:handlers:auth\"),\n    },\n  },\n  // React specific loggers\n  react: {\n    components: createLogger(\"react:components\"),\n    hooks: createLogger(\"react:hooks\"),\n    context: createLogger(\"react:context\"),\n  },\n  // Shared utilities loggers\n  services: {\n    validation: createLogger(\"utils:validation\"),\n    network: createLogger(\"utils:network\"),\n  },\n} as const;\n","/* eslint-disable turbo/no-undeclared-env-vars */\nimport { NextConfig } from \"next\";\nimport { loggers } from \"@/lib/logger\";\nimport { withoutUndefined } from \"@/utils\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nexport interface CookieConfig {\n  secure?: boolean;\n  sameSite?: \"strict\" | \"lax\" | \"none\";\n  domain?: string;\n  path?: string;\n  maxAge?: number;\n}\n\nexport type AuthConfigWithDefaults = {\n  clientId: string;\n  oauthServer: string;\n  callbackUrl: string;\n  loginUrl: string;\n  logoutUrl: string;\n  appUrl?: string;\n  challengeUrl: string;\n  include: string[];\n  exclude: string[];\n  cookies: {\n    tokens: CookieConfig;\n    user: CookieConfig;\n  };\n};\n\nexport type AuthConfig = Partial<AuthConfigWithDefaults>;\n\nexport type DefinedAuthConfig = AuthConfigWithDefaults;\n\n/**\n * Default configuration values that will be used if not overridden\n */\nexport const defaultAuthConfig: Omit<AuthConfigWithDefaults, \"clientId\"> = {\n  oauthServer: \"https://auth-dev.civic.com/oauth\",\n  callbackUrl: \"/api/auth/callback\",\n  challengeUrl: \"/api/auth/challenge\",\n  logoutUrl: \"/api/auth/logout\",\n  loginUrl: \"/\",\n  include: [\"/*\"],\n  exclude: [],\n  cookies: {\n    tokens: {\n      sameSite: \"strict\",\n      path: \"/\",\n      maxAge: 60 * 60, // 1 hour\n    },\n    user: {\n      sameSite: \"strict\",\n      path: \"/\",\n      maxAge: 60 * 60, // 1 hour\n    },\n  },\n};\n\n/**\n * Resolves the authentication configuration by combining:\n * 1. Default values\n * 2. Environment variables (set internally by the plugin)\n * 3. Explicitly passed configuration\n *\n * Note: Developers should not set _civic_auth_* environment variables directly.\n * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n *   callbackUrl: '/custom/callback',\n * })\n * ```\n */\nexport const resolveAuthConfig = (\n  config: AuthConfig = {},\n): AuthConfigWithDefaults & { clientId: string } => {\n  // Read configuration that was set by the plugin via environment variables\n  const configFromEnv = withoutUndefined({\n    clientId: process.env._civic_auth_client_id,\n    oauthServer: process.env._civic_oauth_server,\n    callbackUrl: process.env._civic_auth_callback_url,\n    challengeUrl: process.env._civic_auth_challenge_url,\n    loginUrl: process.env._civic_auth_login_url,\n    appUrl: process.env._civic_auth_app_url,\n    logoutUrl: process.env._civic_auth_logout_url,\n    include: process.env._civic_auth_includes?.split(\",\"),\n    exclude: process.env._civic_auth_excludes?.split(\",\"),\n    cookies: process.env._civic_auth_cookie_config\n      ? JSON.parse(process.env._civic_auth_cookie_config)\n      : undefined,\n  });\n\n  const mergedConfig = {\n    ...defaultAuthConfig,\n    ...configFromEnv, // Apply plugin-set config\n    ...config, // Override with directly passed config\n    cookies: {\n      tokens: {\n        ...defaultAuthConfig.cookies.tokens,\n        ...(config.cookies?.tokens || {}),\n      },\n      user: {\n        ...defaultAuthConfig.cookies.user,\n        ...(config.cookies?.user || {}),\n      },\n    },\n  };\n\n  logger.debug(\"Config from environment:\", configFromEnv);\n  logger.debug(\"Resolved config:\", mergedConfig);\n  if (mergedConfig.clientId === undefined) {\n    throw new Error(\"Civic Auth client ID is required\");\n  }\n  return mergedConfig as AuthConfigWithDefaults & { clientId: string };\n};\n\n/**\n * Creates a Next.js plugin that handles auth configuration.\n *\n * This is the main configuration point for the auth system.\n * Do not set _civic_auth_* environment variables directly - instead,\n * pass your configuration here:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n *   clientId: 'my-client-id',\n *   callbackUrl: '/custom/callback',\n *   loginUrl: '/custom/login',\n *   logoutUrl: '/custom/logout',\n *   include: ['/protected/*'],\n *   exclude: ['/public/*']\n * })\n * ```\n *\n * The plugin sets internal environment variables that are used by\n * the auth system. These variables should not be set manually.\n */\nexport const createCivicAuthPlugin = (\n  clientId: string,\n  authConfig: AuthConfig = {},\n) => {\n  return (nextConfig?: NextConfig) => {\n    const resolvedConfig = resolveAuthConfig({ ...authConfig, clientId });\n    return {\n      ...nextConfig,\n      env: {\n        ...nextConfig?.env,\n        // Internal environment variables - do not set these manually\n        _civic_auth_client_id: clientId,\n        _civic_oauth_server: resolvedConfig.oauthServer,\n        _civic_auth_callback_url: resolvedConfig.callbackUrl,\n        _civic_auth_challenge_url: resolvedConfig.challengeUrl,\n        _civic_auth_login_url: resolvedConfig.loginUrl,\n        _civic_auth_logout_url: resolvedConfig.logoutUrl,\n        _civic_auth_app_url: resolvedConfig.appUrl,\n        _civic_auth_includes: resolvedConfig.include.join(\",\"),\n        _civic_auth_excludes: resolvedConfig.exclude.join(\",\"),\n        _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies),\n      },\n    };\n  };\n};\n","import { AuthConfigWithDefaults } from \"@/nextjs/config\";\n\nexport const resolveCallbackUrl = (\n  config: AuthConfigWithDefaults,\n  alternativeUrl?: string,\n): string => {\n  const baseUrl = config.appUrl ?? alternativeUrl;\n  const callbackUrl = new URL(config?.callbackUrl, baseUrl).toString();\n  return callbackUrl.toString();\n};\n"],"mappings":";;;;;;;;;AAAA,OAAO,WAAW;AAElB,IAAM,eAAe;AASrB,IAAM,cAAN,MAAoC;AAAA,EAMlC,YAAY,WAAmB;AAE7B,SAAK,cAAc,MAAM,GAAG,YAAY,IAAI,SAAS,QAAQ;AAC7D,SAAK,aAAa,MAAM,GAAG,YAAY,IAAI,SAAS,OAAO;AAC3D,SAAK,aAAa,MAAM,GAAG,YAAY,IAAI,SAAS,OAAO;AAC3D,SAAK,cAAc,MAAM,GAAG,YAAY,IAAI,SAAS,QAAQ;AAE7D,SAAK,YAAY,QAAQ;AACzB,SAAK,WAAW,QAAQ;AACxB,SAAK,WAAW,QAAQ;AACxB,SAAK,YAAY,QAAQ;AAAA,EAC3B;AAAA,EAEA,MAAM,YAAoB,MAAuB;AAC/C,SAAK,YAAY,SAAS,GAAG,IAAI;AAAA,EACnC;AAAA,EAEA,KAAK,YAAoB,MAAuB;AAC9C,SAAK,WAAW,SAAS,GAAG,IAAI;AAAA,EAClC;AAAA,EAEA,KAAK,YAAoB,MAAuB;AAC9C,SAAK,WAAW,SAAS,GAAG,IAAI;AAAA,EAClC;AAAA,EAEA,MAAM,YAAoB,MAAuB;AAC/C,SAAK,YAAY,SAAS,GAAG,IAAI;AAAA,EACnC;AACF;AAEO,IAAM,eAAe,CAAC,cAC3B,IAAI,YAAY,SAAS;AAGpB,IAAM,UAAU;AAAA;AAAA,EAErB,QAAQ;AAAA,IACN,QAAQ,aAAa,YAAY;AAAA,IACjC,YAAY,aAAa,gBAAgB;AAAA,IACzC,UAAU;AAAA,MACR,MAAM,aAAa,mBAAmB;AAAA,IACxC;AAAA,EACF;AAAA;AAAA,EAEA,OAAO;AAAA,IACL,YAAY,aAAa,kBAAkB;AAAA,IAC3C,OAAO,aAAa,aAAa;AAAA,IACjC,SAAS,aAAa,eAAe;AAAA,EACvC;AAAA;AAAA,EAEA,UAAU;AAAA,IACR,YAAY,aAAa,kBAAkB;AAAA,IAC3C,SAAS,aAAa,eAAe;AAAA,EACvC;AACF;;;AClEA,IAAM,SAAS,QAAQ,OAAO,SAAS;AAiChC,IAAM,oBAA8D;AAAA,EACzE,aAAa;AAAA,EACb,aAAa;AAAA,EACb,cAAc;AAAA,EACd,WAAW;AAAA,EACX,UAAU;AAAA,EACV,SAAS,CAAC,IAAI;AAAA,EACd,SAAS,CAAC;AAAA,EACV,SAAS;AAAA,IACP,QAAQ;AAAA,MACN,UAAU;AAAA,MACV,MAAM;AAAA,MACN,QAAQ,KAAK;AAAA;AAAA,IACf;AAAA,IACA,MAAM;AAAA,MACJ,UAAU;AAAA,MACV,MAAM;AAAA,MACN,QAAQ,KAAK;AAAA;AAAA,IACf;AAAA,EACF;AACF;AAmBO,IAAM,oBAAoB,CAC/B,SAAqB,CAAC,MAC4B;AA/EpD;AAiFE,QAAM,gBAAgB,iBAAiB;AAAA,IACrC,UAAU,QAAQ,IAAI;AAAA,IACtB,aAAa,QAAQ,IAAI;AAAA,IACzB,aAAa,QAAQ,IAAI;AAAA,IACzB,cAAc,QAAQ,IAAI;AAAA,IAC1B,UAAU,QAAQ,IAAI;AAAA,IACtB,QAAQ,QAAQ,IAAI;AAAA,IACpB,WAAW,QAAQ,IAAI;AAAA,IACvB,UAAS,aAAQ,IAAI,yBAAZ,mBAAkC,MAAM;AAAA,IACjD,UAAS,aAAQ,IAAI,yBAAZ,mBAAkC,MAAM;AAAA,IACjD,SAAS,QAAQ,IAAI,4BACjB,KAAK,MAAM,QAAQ,IAAI,yBAAyB,IAChD;AAAA,EACN,CAAC;AAED,QAAM,eAAe,+DAChB,oBACA,gBACA,SAHgB;AAAA;AAAA,IAInB,SAAS;AAAA,MACP,QAAQ,kCACH,kBAAkB,QAAQ,WACzB,YAAO,YAAP,mBAAgB,WAAU,CAAC;AAAA,MAEjC,MAAM,kCACD,kBAAkB,QAAQ,SACzB,YAAO,YAAP,mBAAgB,SAAQ,CAAC;AAAA,IAEjC;AAAA,EACF;AAEA,SAAO,MAAM,4BAA4B,aAAa;AACtD,SAAO,MAAM,oBAAoB,YAAY;AAC7C,MAAI,aAAa,aAAa,QAAW;AACvC,UAAM,IAAI,MAAM,kCAAkC;AAAA,EACpD;AACA,SAAO;AACT;AAyBO,IAAM,wBAAwB,CACnC,UACA,aAAyB,CAAC,MACvB;AACH,SAAO,CAAC,eAA4B;AAClC,UAAM,iBAAiB,kBAAkB,iCAAK,aAAL,EAAiB,SAAS,EAAC;AACpE,WAAO,iCACF,aADE;AAAA,MAEL,KAAK,iCACA,yCAAY,MADZ;AAAA;AAAA,QAGH,uBAAuB;AAAA,QACvB,qBAAqB,eAAe;AAAA,QACpC,0BAA0B,eAAe;AAAA,QACzC,2BAA2B,eAAe;AAAA,QAC1C,uBAAuB,eAAe;AAAA,QACtC,wBAAwB,eAAe;AAAA,QACvC,qBAAqB,eAAe;AAAA,QACpC,sBAAsB,eAAe,QAAQ,KAAK,GAAG;AAAA,QACrD,sBAAsB,eAAe,QAAQ,KAAK,GAAG;AAAA,QACrD,2BAA2B,KAAK,UAAU,eAAe,OAAO;AAAA,MAClE;AAAA,IACF;AAAA,EACF;AACF;;;ACrKO,IAAM,qBAAqB,CAChC,QACA,mBACW;AALb;AAME,QAAM,WAAU,YAAO,WAAP,YAAiB;AACjC,QAAM,cAAc,IAAI,IAAI,iCAAQ,aAAa,OAAO,EAAE,SAAS;AACnE,SAAO,YAAY,SAAS;AAC9B;","names":[]}

package/dist/chunk-EGFTMH5S.mjs

@@ -0,0 +1,214 @@
+import {
+  AUTH_SERVER,
+  DEFAULT_SCOPES,
+  GenericAuthenticationInitiator,
+  GenericPublicClientPKCEProducer,
+  exchangeTokens,
+  getEndpointsWithOverrides,
+  retrieveTokens,
+  storeTokens
+} from "./chunk-PMDIR5XE.mjs";
+import {
+  __async,
+  __spreadProps,
+  __spreadValues
+} from "./chunk-RGHW4PYM.mjs";
+
+// src/shared/storage.ts
+var DEFAULT_COOKIE_DURATION = 60 * 15;
+var CookieStorage = class {
+  constructor(settings = {}) {
+    var _a, _b, _c, _d, _e;
+    this.settings = {
+      httpOnly: (_a = settings.httpOnly) != null ? _a : true,
+      secure: (_b = settings.secure) != null ? _b : true,
+      // the callback request comes the auth server
+      // 'lax' ensures the code_verifier cookie is sent with the request
+      sameSite: (_c = settings.sameSite) != null ? _c : "lax",
+      expires: (_d = settings.expires) != null ? _d : new Date(Date.now() + 1e3 * DEFAULT_COOKIE_DURATION),
+      path: (_e = settings.path) != null ? _e : "/"
+    };
+  }
+};
+
+// src/server/ServerAuthenticationResolver.ts
+import { OAuth2Client } from "oslo/oauth2";
+var ServerAuthenticationResolver = class _ServerAuthenticationResolver {
+  constructor(authConfig, storage, endpointOverrides) {
+    this.authConfig = authConfig;
+    this.storage = storage;
+    this.endpointOverrides = endpointOverrides;
+    this.pkceProducer = new GenericPublicClientPKCEProducer(storage);
+  }
+  validateExistingSession() {
+    throw new Error("Method not implemented.");
+  }
+  init() {
+    return __async(this, null, function* () {
+      this.endpoints = yield getEndpointsWithOverrides(
+        this.authConfig.oauthServer,
+        this.endpointOverrides
+      );
+      this.oauth2client = new OAuth2Client(
+        this.authConfig.clientId,
+        this.endpoints.auth,
+        this.endpoints.token,
+        {
+          redirectURI: this.authConfig.redirectUrl
+        }
+      );
+      return this;
+    });
+  }
+  tokenExchange(code, state) {
+    return __async(this, null, function* () {
+      if (!this.oauth2client) yield this.init();
+      const codeVerifier = yield this.pkceProducer.getCodeVerifier();
+      if (!codeVerifier) throw new Error("Code verifier not found in storage");
+      const tokens = yield exchangeTokens(
+        code,
+        state,
+        this.pkceProducer,
+        this.oauth2client,
+        // clean up types here to avoid the ! operator
+        this.authConfig.oauthServer,
+        this.endpoints
+        // clean up types here to avoid the ! operator
+      );
+      storeTokens(this.storage, tokens);
+      return tokens;
+    });
+  }
+  getSessionData() {
+    return __async(this, null, function* () {
+      const storageData = retrieveTokens(this.storage);
+      if (!storageData) return null;
+      return {
+        authenticated: !!storageData.id_token,
+        idToken: storageData.id_token,
+        accessToken: storageData.access_token,
+        refreshToken: storageData.refresh_token
+      };
+    });
+  }
+  static build(authConfig, storage, endpointOverrides) {
+    return __async(this, null, function* () {
+      const resolver = new _ServerAuthenticationResolver(
+        authConfig,
+        storage,
+        endpointOverrides
+      );
+      yield resolver.init();
+      return resolver;
+    });
+  }
+};
+
+// src/server/login.ts
+function resolveOAuthAccessCode(code, state, storage, config) {
+  return __async(this, null, function* () {
+    var _a;
+    const authSessionService = yield ServerAuthenticationResolver.build(
+      __spreadProps(__spreadValues({}, config), {
+        oauthServer: (_a = config.oauthServer) != null ? _a : AUTH_SERVER
+      }),
+      storage,
+      config.endpointOverrides
+    );
+    return authSessionService.tokenExchange(code, state);
+  });
+}
+function isLoggedIn(storage) {
+  return !!storage.get("id_token");
+}
+function buildLoginUrl(config, storage) {
+  return __async(this, null, function* () {
+    var _a, _b, _c;
+    const state = (_a = config.state) != null ? _a : Math.random().toString(36).substring(2);
+    const scopes = (_b = config.scopes) != null ? _b : DEFAULT_SCOPES;
+    const pkceProducer = new GenericPublicClientPKCEProducer(storage);
+    const authInitiator = new GenericAuthenticationInitiator(__spreadProps(__spreadValues({}, config), {
+      state,
+      scopes,
+      oauthServer: (_c = config.oauthServer) != null ? _c : AUTH_SERVER,
+      // When retrieving the PKCE challenge on the server-side, we produce it and store it in the session
+      pkceConsumer: pkceProducer
+    }));
+    return authInitiator.signIn();
+  });
+}
+
+// src/shared/GenericAuthenticationRefresher.ts
+import { OAuth2Client as OAuth2Client2 } from "oslo/oauth2";
+var GenericAuthenticationRefresher = class _GenericAuthenticationRefresher {
+  constructor(authConfig, storage, endpointOverrides) {
+    this.authConfig = authConfig;
+    this.storage = storage;
+    this.endpointOverrides = endpointOverrides;
+  }
+  init() {
+    return __async(this, null, function* () {
+      this.endpoints = yield getEndpointsWithOverrides(
+        this.authConfig.oauthServer,
+        this.endpointOverrides
+      );
+      this.oauth2client = new OAuth2Client2(
+        this.authConfig.clientId,
+        this.endpoints.auth,
+        this.endpoints.token,
+        {
+          redirectURI: this.authConfig.redirectUrl
+        }
+      );
+      return this;
+    });
+  }
+  static build(authConfig, storage, endpointOverrides) {
+    return __async(this, null, function* () {
+      const refresher = new _GenericAuthenticationRefresher(
+        authConfig,
+        storage,
+        endpointOverrides
+      );
+      yield refresher.init();
+      return refresher;
+    });
+  }
+  refreshTokens() {
+    return __async(this, null, function* () {
+      if (!this.oauth2client) yield this.init();
+      const tokens = retrieveTokens(this.storage);
+      if (!(tokens == null ? void 0 : tokens.refresh_token)) throw new Error("No refresh token available");
+      const oauth2Client = this.oauth2client;
+      const refreshedTokens = yield oauth2Client.refreshAccessToken(
+        tokens.refresh_token
+      );
+      storeTokens(this.storage, refreshedTokens);
+      return tokens;
+    });
+  }
+};
+
+// src/server/refresh.ts
+function refreshTokens(storage, config) {
+  return __async(this, null, function* () {
+    var _a;
+    const refresher = yield GenericAuthenticationRefresher.build(
+      __spreadProps(__spreadValues({}, config), {
+        oauthServer: (_a = config.oauthServer) != null ? _a : AUTH_SERVER
+      }),
+      storage,
+      config.endpointOverrides
+    );
+    return refresher.refreshTokens();
+  });
+}
+
+export {
+  CookieStorage,
+  resolveOAuthAccessCode,
+  isLoggedIn,
+  buildLoginUrl,
+  refreshTokens
+};
+//# sourceMappingURL=chunk-EGFTMH5S.mjs.map

package/dist/chunk-EGFTMH5S.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/shared/storage.ts","../src/server/ServerAuthenticationResolver.ts","../src/server/login.ts","../src/shared/GenericAuthenticationRefresher.ts","../src/server/refresh.ts"],"sourcesContent":["import { AuthStorage, SessionData, UnknownObject, User } from \"@/types.js\";\n\ntype SameSiteOption = \"strict\" | \"lax\" | \"none\";\n\nexport interface SessionStorage {\n  get(): SessionData;\n  getUser(): User<UnknownObject> | null;\n  set(data: Partial<SessionData>): void;\n  setUser(data: User<UnknownObject> | null): void;\n  clear(): void;\n}\n\nexport type CookieStorageSettings = {\n  httpOnly: boolean;\n  secure: boolean;\n  sameSite: SameSiteOption;\n  expires: Date;\n  path: string;\n};\n\nexport const DEFAULT_COOKIE_DURATION = 60 * 15; // 15 minutes\n\nexport abstract class CookieStorage implements AuthStorage {\n  protected settings: CookieStorageSettings;\n  protected constructor(settings: Partial<CookieStorageSettings> = {}) {\n    this.settings = {\n      httpOnly: settings.httpOnly ?? true,\n      secure: settings.secure ?? true,\n      // the callback request comes the auth server\n      // 'lax' ensures the code_verifier cookie is sent with the request\n      sameSite: settings.sameSite ?? \"lax\",\n      expires:\n        settings.expires ??\n        new Date(Date.now() + 1000 * DEFAULT_COOKIE_DURATION),\n      path: settings.path ?? \"/\",\n    };\n  }\n  abstract get(key: string): string | null;\n  abstract set(key: string, value: string): void;\n}\n","import { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport {\n  AuthStorage,\n  Endpoints,\n  OIDCTokenResponseBody,\n  SessionData,\n} from \"@/types.js\";\nimport { AuthConfig } from \"@/server/config.js\";\nimport {\n  exchangeTokens,\n  getEndpointsWithOverrides,\n  retrieveTokens,\n  storeTokens,\n} from \"@/shared/util.js\";\nimport { AuthenticationResolver, PKCEProducer } from \"@/services/types.ts\";\n\nexport class ServerAuthenticationResolver implements AuthenticationResolver {\n  private pkceProducer: PKCEProducer;\n  private oauth2client: OAuth2Client | undefined;\n  private endpoints: Endpoints | undefined;\n\n  private constructor(\n    readonly authConfig: AuthConfig,\n    readonly storage: AuthStorage,\n    readonly endpointOverrides?: Partial<Endpoints>,\n  ) {\n    this.pkceProducer = new GenericPublicClientPKCEProducer(storage);\n  }\n  validateExistingSession(): Promise<SessionData> {\n    throw new Error(\"Method not implemented.\");\n  }\n\n  async init(): Promise<this> {\n    // resolve oauth config\n    this.endpoints = await getEndpointsWithOverrides(\n      this.authConfig.oauthServer,\n      this.endpointOverrides,\n    );\n    this.oauth2client = new OAuth2Client(\n      this.authConfig.clientId,\n      this.endpoints.auth,\n      this.endpoints.token,\n      {\n        redirectURI: this.authConfig.redirectUrl,\n      },\n    );\n\n    return this;\n  }\n\n  async tokenExchange(\n    code: string,\n    state: string,\n  ): Promise<OIDCTokenResponseBody> {\n    if (!this.oauth2client) await this.init();\n    const codeVerifier = await this.pkceProducer.getCodeVerifier();\n    if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n\n    // exchange auth code for tokens\n    const tokens = await exchangeTokens(\n      code,\n      state,\n      this.pkceProducer,\n      this.oauth2client!, // clean up types here to avoid the ! operator\n      this.authConfig.oauthServer,\n      this.endpoints!, // clean up types here to avoid the ! operator\n    );\n\n    storeTokens(this.storage, tokens);\n\n    return tokens;\n  }\n\n  async getSessionData(): Promise<SessionData | null> {\n    const storageData = retrieveTokens(this.storage);\n\n    if (!storageData) return null;\n\n    return {\n      authenticated: !!storageData.id_token,\n      idToken: storageData.id_token,\n      accessToken: storageData.access_token,\n      refreshToken: storageData.refresh_token,\n    };\n  }\n\n  static async build(\n    authConfig: AuthConfig,\n    storage: AuthStorage,\n    endpointOverrides?: Partial<Endpoints>,\n  ): Promise<AuthenticationResolver> {\n    const resolver = new ServerAuthenticationResolver(\n      authConfig,\n      storage,\n      endpointOverrides,\n    );\n    await resolver.init();\n\n    return resolver;\n  }\n}\n","import { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\nimport { AUTH_SERVER, DEFAULT_SCOPES } from \"@/constants.js\";\nimport { GenericAuthenticationInitiator } from \"@/services/AuthenticationService.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { ServerAuthenticationResolver } from \"@/server/ServerAuthenticationResolver.js\";\nimport { AuthConfig } from \"@/server/config.ts\";\n/**\n * Resolve an OAuth access code to a set of OIDC tokens\n * @param code The access code, typically from a query parameter in the redirect url\n * @param state The oauth random state string, used to distinguish between requests. Typically also passed in the redirect url\n * @param storage The place that this server uses to store session data (e.g. a cookie store)\n * @param config Oauth Server configuration\n */\nexport async function resolveOAuthAccessCode(\n  code: string,\n  state: string,\n  storage: AuthStorage,\n  config: AuthConfig,\n): Promise<OIDCTokenResponseBody> {\n  const authSessionService = await ServerAuthenticationResolver.build(\n    {\n      ...config,\n      oauthServer: config.oauthServer ?? AUTH_SERVER,\n    },\n    storage,\n    config.endpointOverrides,\n  );\n\n  return authSessionService.tokenExchange(code, state);\n}\n\nexport function isLoggedIn(storage: AuthStorage): boolean {\n  return !!storage.get(\"id_token\");\n}\n\nexport async function buildLoginUrl(\n  config: Pick<AuthConfig, \"oauthServer\" | \"clientId\" | \"redirectUrl\"> & {\n    scopes?: string[];\n    state?: string;\n    nonce?: string;\n  },\n  storage: AuthStorage,\n): Promise<URL> {\n  // generate a random state if not provided\n  const state = config.state ?? Math.random().toString(36).substring(2);\n  const scopes = config.scopes ?? DEFAULT_SCOPES;\n  const pkceProducer = new GenericPublicClientPKCEProducer(storage);\n  const authInitiator = new GenericAuthenticationInitiator({\n    ...config,\n    state,\n    scopes,\n    oauthServer: config.oauthServer ?? AUTH_SERVER,\n    // When retrieving the PKCE challenge on the server-side, we produce it and store it in the session\n    pkceConsumer: pkceProducer,\n  });\n\n  return authInitiator.signIn();\n}\n","import { AuthenticationRefresher } from \"@/services/types.ts\";\nimport { AuthStorage, Endpoints, OIDCTokenResponseBody } from \"@/types\";\nimport {\n  getEndpointsWithOverrides,\n  retrieveTokens,\n  storeTokens,\n} from \"@/shared/util.ts\";\nimport { AuthConfig } from \"@/server/config.ts\";\nimport { OAuth2Client } from \"oslo/oauth2\";\n\nexport class GenericAuthenticationRefresher implements AuthenticationRefresher {\n  private oauth2client: OAuth2Client | undefined;\n  private endpoints: Endpoints | undefined;\n\n  private constructor(\n    private authConfig: AuthConfig,\n    private storage: AuthStorage,\n    private endpointOverrides?: Partial<Endpoints>,\n  ) {}\n\n  async init(): Promise<this> {\n    // resolve oauth config\n    this.endpoints = await getEndpointsWithOverrides(\n      this.authConfig.oauthServer,\n      this.endpointOverrides,\n    );\n    this.oauth2client = new OAuth2Client(\n      this.authConfig.clientId,\n      this.endpoints.auth,\n      this.endpoints.token,\n      {\n        redirectURI: this.authConfig.redirectUrl,\n      },\n    );\n\n    return this;\n  }\n\n  static async build(\n    authConfig: AuthConfig,\n    storage: AuthStorage,\n    endpointOverrides?: Partial<Endpoints>,\n  ): Promise<GenericAuthenticationRefresher> {\n    const refresher = new GenericAuthenticationRefresher(\n      authConfig,\n      storage,\n      endpointOverrides,\n    );\n    await refresher.init();\n\n    return refresher;\n  }\n\n  async refreshTokens() {\n    if (!this.oauth2client) await this.init();\n\n    const tokens = retrieveTokens(this.storage);\n    if (!tokens?.refresh_token) throw new Error(\"No refresh token available\");\n\n    const oauth2Client = this.oauth2client!;\n    const refreshedTokens =\n      await oauth2Client.refreshAccessToken<OIDCTokenResponseBody>(\n        tokens.refresh_token,\n      );\n\n    storeTokens(this.storage, refreshedTokens);\n\n    return tokens;\n  }\n}\n","import { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\nimport { AUTH_SERVER } from \"@/constants.js\";\nimport { GenericAuthenticationRefresher } from \"@/shared/GenericAuthenticationRefresher.ts\";\nimport { AuthConfig } from \"@/server/config.ts\";\n\n/**\n * Refresh the current set of OIDC tokens\n */\nexport async function refreshTokens(\n  storage: AuthStorage,\n  config: AuthConfig,\n): Promise<OIDCTokenResponseBody> {\n  const refresher = await GenericAuthenticationRefresher.build(\n    {\n      ...config,\n      oauthServer: config.oauthServer ?? AUTH_SERVER,\n    },\n    storage,\n    config.endpointOverrides,\n  );\n\n  return refresher.refreshTokens();\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAoBO,IAAM,0BAA0B,KAAK;AAErC,IAAe,gBAAf,MAAoD;AAAA,EAE/C,YAAY,WAA2C,CAAC,GAAG;AAxBvE;AAyBI,SAAK,WAAW;AAAA,MACd,WAAU,cAAS,aAAT,YAAqB;AAAA,MAC/B,SAAQ,cAAS,WAAT,YAAmB;AAAA;AAAA;AAAA,MAG3B,WAAU,cAAS,aAAT,YAAqB;AAAA,MAC/B,UACE,cAAS,YAAT,YACA,IAAI,KAAK,KAAK,IAAI,IAAI,MAAO,uBAAuB;AAAA,MACtD,OAAM,cAAS,SAAT,YAAiB;AAAA,IACzB;AAAA,EACF;AAGF;;;ACtCA,SAAS,oBAAoB;AAgBtB,IAAM,+BAAN,MAAM,8BAA+D;AAAA,EAKlE,YACG,YACA,SACA,mBACT;AAHS;AACA;AACA;AAET,SAAK,eAAe,IAAI,gCAAgC,OAAO;AAAA,EACjE;AAAA,EACA,0BAAgD;AAC9C,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AAAA,EAEM,OAAsB;AAAA;AAE1B,WAAK,YAAY,MAAM;AAAA,QACrB,KAAK,WAAW;AAAA,QAChB,KAAK;AAAA,MACP;AACA,WAAK,eAAe,IAAI;AAAA,QACtB,KAAK,WAAW;AAAA,QAChB,KAAK,UAAU;AAAA,QACf,KAAK,UAAU;AAAA,QACf;AAAA,UACE,aAAa,KAAK,WAAW;AAAA,QAC/B;AAAA,MACF;AAEA,aAAO;AAAA,IACT;AAAA;AAAA,EAEM,cACJ,MACA,OACgC;AAAA;AAChC,UAAI,CAAC,KAAK,aAAc,OAAM,KAAK,KAAK;AACxC,YAAM,eAAe,MAAM,KAAK,aAAa,gBAAgB;AAC7D,UAAI,CAAC,aAAc,OAAM,IAAI,MAAM,oCAAoC;AAGvE,YAAM,SAAS,MAAM;AAAA,QACnB;AAAA,QACA;AAAA,QACA,KAAK;AAAA,QACL,KAAK;AAAA;AAAA,QACL,KAAK,WAAW;AAAA,QAChB,KAAK;AAAA;AAAA,MACP;AAEA,kBAAY,KAAK,SAAS,MAAM;AAEhC,aAAO;AAAA,IACT;AAAA;AAAA,EAEM,iBAA8C;AAAA;AAClD,YAAM,cAAc,eAAe,KAAK,OAAO;AAE/C,UAAI,CAAC,YAAa,QAAO;AAEzB,aAAO;AAAA,QACL,eAAe,CAAC,CAAC,YAAY;AAAA,QAC7B,SAAS,YAAY;AAAA,QACrB,aAAa,YAAY;AAAA,QACzB,cAAc,YAAY;AAAA,MAC5B;AAAA,IACF;AAAA;AAAA,EAEA,OAAa,MACX,YACA,SACA,mBACiC;AAAA;AACjC,YAAM,WAAW,IAAI;AAAA,QACnB;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACA,YAAM,SAAS,KAAK;AAEpB,aAAO;AAAA,IACT;AAAA;AACF;;;ACxFA,SAAsB,uBACpB,MACA,OACA,SACA,QACgC;AAAA;AAlBlC;AAmBE,UAAM,qBAAqB,MAAM,6BAA6B;AAAA,MAC5D,iCACK,SADL;AAAA,QAEE,cAAa,YAAO,gBAAP,YAAsB;AAAA,MACrC;AAAA,MACA;AAAA,MACA,OAAO;AAAA,IACT;AAEA,WAAO,mBAAmB,cAAc,MAAM,KAAK;AAAA,EACrD;AAAA;AAEO,SAAS,WAAW,SAA+B;AACxD,SAAO,CAAC,CAAC,QAAQ,IAAI,UAAU;AACjC;AAEA,SAAsB,cACpB,QAKA,SACc;AAAA;AA1ChB;AA4CE,UAAM,SAAQ,YAAO,UAAP,YAAgB,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,UAAU,CAAC;AACpE,UAAM,UAAS,YAAO,WAAP,YAAiB;AAChC,UAAM,eAAe,IAAI,gCAAgC,OAAO;AAChE,UAAM,gBAAgB,IAAI,+BAA+B,iCACpD,SADoD;AAAA,MAEvD;AAAA,MACA;AAAA,MACA,cAAa,YAAO,gBAAP,YAAsB;AAAA;AAAA,MAEnC,cAAc;AAAA,IAChB,EAAC;AAED,WAAO,cAAc,OAAO;AAAA,EAC9B;AAAA;;;ACjDA,SAAS,gBAAAA,qBAAoB;AAEtB,IAAM,iCAAN,MAAM,gCAAkE;AAAA,EAIrE,YACE,YACA,SACA,mBACR;AAHQ;AACA;AACA;AAAA,EACP;AAAA,EAEG,OAAsB;AAAA;AAE1B,WAAK,YAAY,MAAM;AAAA,QACrB,KAAK,WAAW;AAAA,QAChB,KAAK;AAAA,MACP;AACA,WAAK,eAAe,IAAIC;AAAA,QACtB,KAAK,WAAW;AAAA,QAChB,KAAK,UAAU;AAAA,QACf,KAAK,UAAU;AAAA,QACf;AAAA,UACE,aAAa,KAAK,WAAW;AAAA,QAC/B;AAAA,MACF;AAEA,aAAO;AAAA,IACT;AAAA;AAAA,EAEA,OAAa,MACX,YACA,SACA,mBACyC;AAAA;AACzC,YAAM,YAAY,IAAI;AAAA,QACpB;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACA,YAAM,UAAU,KAAK;AAErB,aAAO;AAAA,IACT;AAAA;AAAA,EAEM,gBAAgB;AAAA;AACpB,UAAI,CAAC,KAAK,aAAc,OAAM,KAAK,KAAK;AAExC,YAAM,SAAS,eAAe,KAAK,OAAO;AAC1C,UAAI,EAAC,iCAAQ,eAAe,OAAM,IAAI,MAAM,4BAA4B;AAExE,YAAM,eAAe,KAAK;AAC1B,YAAM,kBACJ,MAAM,aAAa;AAAA,QACjB,OAAO;AAAA,MACT;AAEF,kBAAY,KAAK,SAAS,eAAe;AAEzC,aAAO;AAAA,IACT;AAAA;AACF;;;AC7DA,SAAsB,cACpB,SACA,QACgC;AAAA;AAXlC;AAYE,UAAM,YAAY,MAAM,+BAA+B;AAAA,MACrD,iCACK,SADL;AAAA,QAEE,cAAa,YAAO,gBAAP,YAAsB;AAAA,MACrC;AAAA,MACA;AAAA,MACA,OAAO;AAAA,IACT;AAEA,WAAO,UAAU,cAAc;AAAA,EACjC;AAAA;","names":["OAuth2Client","OAuth2Client"]}